Hi Timour, Ok to push. On Tue, Aug 23, 2011 at 03:41:55PM +0300, timour@askmonty.org wrote:
At file:///home/tsk/mprog/src/5.3/
------------------------------------------------------------ revno: 3166 revision-id: timour@askmonty.org-20110823123915-jxf9hvxq2hy03rr7 parent: timour@askmonty.org-20110822210013-egubev0wgyi00wjt fixes bug(s): https://launchpad.net/bugs/825018 committer: timour@askmonty.org branch nick: 5.3 timestamp: Tue 2011-08-23 15:39:15 +0300 message: Fixed bug lp:825018
Analysis: During the first execution of the query through the stored procedure, the optimization phase calls substitute_for_best_equal_field(), which calls Item_in_optimizer::transform(). The latter replaces Item_in_subselect::left_expr with args[0] via assignment. In this test case args[0] is an Item_outer_ref which is created/deallocated for each re-execution. As a result, during the second execution Item_in_subselect::left_expr pointed to freed memory, which resulted in a crash.
Solution: The solution is to use change_item_tree(), so that the origianal left expression is restored after each execution.
BR Sergey -- Sergey Petrunia, Software Developer Monty Program AB, http://askmonty.org Blog: http://s.petrunia.net/blog